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DETAILED ACTION 

1 . This action is in response of the original filing of December 2 nd 2003. Claims 1-15 are 
pending and have been considered below. 

Specification 

2. The abstract of the disclosure is objected to because of improper content. The abstract 
should be in narrative form and generally limited to a single paragraph within the range of 50 to 
150 words. The content of a patent abstract should be such as to enable the reader thereof, 
regardless of his or her degree of familiarity with patent documents, to determine quickly from a 
cursory inspection of the nature and gist of the technical disclosure and should include that 
which is new in the art to which the invention pertains. Correction is required. See MPEP § 
608.01(b). 

3. The lengthy specification has not been checked to the extent necessary to determine the 
presence of all possible minor errors. Applicant's cooperation is requested in correcting any 
errors of which applicant may become aware in the specification. 

Claim Rejections - 35 USC §102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
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international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

5. Claims 1-15 are rejected under 35 U.S.C. 102(e) as being anticipated by Collins (US 
7095855). 

Claim 1 : Collins discloses a message a method of generating and sending a message from a first 
entity, the method including the steps of: 

a. Determining a message including an action (column 1, line 49-55, column 6, lines 
4-36); 

b. Generating an authentication code on the basis of the action (application) and a 
parameter (application identifier), the parameter being indicative of an attribute of the 
action (The message unique value 502 is combined with the secret value 400 in 
combination process 504 to form a secret message unique value 506. The secret message 
unique value 506 is substantially unique to the particular message, device and 
application. The combination process 504 can be implemented using the symmetric 
encryption based one way functions used in the financial industry, and/or hash functions 
such as SHA-1 and MD5) (column 1, lines 55-62; column 2, lines 34-42; column 3 lines 
15-22; column 5, line 57 to column 6 line 4; column 9, lines 15-40; Fig. 2, Fig. 5, Fig.4); 
and 

c. Sending the message and authentication code from the first entity (to form a 
secure message for transmission) (column 1 lines 63-67). 
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Claim 2: Collins discloses a message a method of generating and sending a message from a first 
entity, the method including the steps of: 

a. Determining a message including an action (column 1, line 49-55, column 6, lines 
4-36); 

b. Generating an authentication code on the basis of the action (application) and a 
parameter (device identifier), the parameter being based on the identifier (The message 
unique value 502 is combined with the secret value 400 in combination process 504 to 
form a secret message unique value 506. The secret message unique value 506 is 
substantially unique to the particular message, device and application. The combination 
process 504 can be implemented using the symmetric encryption based one way 
functions used in the financial industry, and/or hash functions such as SHA-1 and MD5) 
(column 1, lines 55-62; column 2, lines 34-42; column 3 lines 15-22; column 5, line 57 to 
column 6 line 4; column 9, lines 15-40; Fig. 5); and 

c. Sending the message and authentication code from the first entity (to form a 
secure message for transmission) (column 1 lines 63-67). 

Claims 3/1, 3/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 1 and 2 above, and further discloses that the action (application) is a 
function, and the parameter (application identifier) is indicative of the function (each 
communication type is associated with a particular application in the issuer device and a 
corresponding application in the holder device) (column 5 line 57 to column 6 line 4). 
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Claims 4/1, 4/2: C ollins discloses a message a method of generating and sending a message from 
a first entity as in claims 3/1 and 3/2 above, and further discloses that 

the entity is capable of generating messages for each of a plurality of types of function, and the 
parameter is indicative of the type of function comprised by the message that is sent (the 
corresponding applications 206 and 208 are assigned application identity values 406 and 414, to 
permit identification of an application or purpose for a particular message) (column 7 line 19 to 
column 8 line 4; Fig 2; Table 1). 

Claims 5/1, 5/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 3/1 and 3/2 above, and further discloses that the message includes one 
or more operands of the function (column 7 line 19 to column 8 line 4; Fig 2; Table 1). 

Claims 6/1, 6/2: C ollins discloses a message a method of generating and sending a message from 
a first entity as in claims 5/1 and 5/2 above, and further discloses that the function is a read 
function and the one or more operands include an address to be read (From a practical 
perspective, secure communications between the user 1034 and the banking service 1032, are 
used for transactions ranging from initial log on and password hand shaking between the banking 
service 1032 and the user 1034, through to other banking transactions such as reading an account 
balance, transferring funds and so on)(column 12, lines 20-45). 

Claims 7/1, 7/2: Collins discloses a message a method of generating and sending a message from 
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a first entity as in claims 5/1 and 5/2 above, and further discloses that the function is a write 
function and the one or more operands include data to be written (column 7, lines 37-45). 

Claims 8/1, 8/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 4/1 and 4/2 above, and further discloses that the types of function 
include at least a read and a write, wherein the authentication step produces a different 
authentication code depending upon whether the action is a read or a write (column 7 line 19 to 
column 8 line 4). 

Claims 9/1, 9/2: Collins discloses a message a method of generating and sending a message from 
a first entity as in claims 4/1 and 4/2 above, and further discloses that the authentication step 
produces includes authentication codes (this process can be selected appropriately to provide 
symmetric key encryption for confidentiality, or for providing a message integrity mechanism, 
such as message authentication code or keyed hash function or simply as a secret one time value 
within a higher level protocol) (column 9, lines 30-40). 

Claim 10: Collins discloses a method of generating a first authentication code for a first message 
for a first function, wherein operands for the first authentication function used to generate the 
first authentication code include at least part of the first message and at least one identifier 
associated with the first function (The message unique value 502 is combined with the secret 
value 400 in combination process 504 to form a secret message unique value 506. The secret 
message unique value 506 is substantially unique to the particular message, device and 



Application/Control Number: 10/727,274 Page 7 

Art Unit: 21 36 

application. The combination process 504 can be implemented using the symmetric encryption 
based one way functions used in the financial industry, and/or hash functions such as SHA-1 and 
MD5) (column 1, lines 55-62; column 2, lines 34-42; column 3 lines 15-22; column 5, line 57 to 
column 6 line 4; column 9, lines 15-40; Fig. 2, Fig. 5, Fig.4). 

Claim 1 1 : Collins discloses a method of generating authentication code as in claim 10 above, 
and further discloses a steps of verifying the authentication code in accordance with the at least 
one identifier associated with the first function If the encoding process 602 (see FIG. 6) 
implemented a message integrity mechanism such as a MAC or keyed hash function, then the 
decoding process 900 verifies the integrity of the secret message block 604 against message 
corruption or tampering, using MAC or keyed hash techniques, or both, as applicable) (column 
11, lines 25-40). 

Claim 12: Collins discloses a method of generating authentication code as in claim 10 above, 
and further discloses that the identifier is indicative of a type of the function (the corresponding 
applications 206 and 208 are assigned application identity values 406 and 414, to permit 
identification of an application or purpose for a particular message) (column 7 line 1 9 to column 
8 line 4; Fig 2; Table 1). 



Claims 13, 14: Collins discloses a method of generating authentication code as in claims 10 and 
12 above, and further discloses that the at least one identifier is indicative of the entity generating 
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the authentication code (addition, the authentication information can be used as a basis for 
establishing the origin, destination, sequence and timing of messages) (column 6, lines 14-35). 

Claim 15: Collins discloses a method of generating authentication code as in claim 14above, and 
further discloses that prior to generating the authentication code, of receiving a request from the 
entity for the first message, the request including information indicative of an identity of the 
entity (as a prerequisite to answering the request, a reliable indication that the information 
request has originated from a device and/or application which is known to, and authorized by, 
the information provider)(column 6, lines 1-35). 

Conclusion 

1 . The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Shelest et al US 7134019 Methods and system for unilateral authenticationof 
messages. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Fatoumata Traore whose telephone number is (571) 270-1685. 
The examiner can normally be reached Monday through Thursday from 7:00 a.m. to 4:00 p.m. 
and every other Friday from 7:30 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Nassar G. Moazzami, can be reached on (571) 272 4195. The fax phone 
number for Formal or Official faxes to Technology Center 2100 is (571) 273-8300. Draft or 
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Informal faxes, which will not be entered in the application, may be submitted directly to the 
examiner at (571) 270-2685. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the Group Receptionist whose telephone number is (571) 



272-2100. 



FT 

Friday, August 3 1 , 2007 



Nassar G. Moazzami 
Supervisory Patent Examiner 




